33949 matches found
MAL-2026-3309 Malicious code in google-cloud-secret-manager-config-poc (npm)
Malicious npm package published by the microsop threat actor as part of a dependency-confusion campaign that impersonates internal tooling at Microsoft, Google Cloud, and PayPal using inflated semver values e.g. 99.9.x, 100.1.x to win npm resolution against private internal packages. All packages...
EUVD-2026-26834
A vulnerability was found in Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform 1.3.0. This impacts an unknown function of the file /SubstationWEBV2/main/uploadH5Files. The manipulation of the argument File results in unrestricted upload. The attack may be launched...
CVE-2026-7695 Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform elecMaxMinAvgValue sql injection
A vulnerability has been found in Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform 1.3.0. This affects an unknown function of the file /SubstationWEBV2/main/elecMaxMinAvgValue. The manipulation of the argument fCircuitids leads to sql injection. The attack may be...
EUVD-2026-26833
A vulnerability has been found in Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform 1.3.0. This affects an unknown function of the file /SubstationWEBV2/main/elecMaxMinAvgValue. The manipulation of the argument fCircuitids leads to sql injection. The attack may be...
Malicious code in sf-vmeval-requests (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 a8fa27c8dc6bf13a4f5d92f14414a4f5efc08c1df7f33591a010b4f824e84bc1 During import package exfiltrates the environment variables and cloud credentials/tokens to a hardcoded location. --- Category: MALICIOUS - The campaign has...
MAL-2026-3242 Malicious code in sf-vmeval-requests (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 a8fa27c8dc6bf13a4f5d92f14414a4f5efc08c1df7f33591a010b4f824e84bc1 During import package exfiltrates the environment variables and cloud credentials/tokens to a hardcoded location. --- Category: MALICIOUS - The campaign has...
CVE-2026-7678
A vulnerability was identified in YunaiV yudao-cloud up to 2026.01. This affects the function getDataBySQL of the file yudao-module-report-biz/src/main/java/io/github/ruoyi/report/service/impl/GoViewDataServiceImpl.java. Such manipulation leads to sql injection. It is possible to launch the attac...
CVE-2026-7679
A security flaw has been discovered in YunaiV yudao-cloud up to 2026.01. This impacts the function getAccessToken of the file yudao-module-system-biz/src/main/java/io/github/ruoyi/common/oauth2/service/impl/OAuth2TokenServiceImpl.java. Performing a manipulation results in improper authentication...
CVE-2026-7679
YunaiV yudao-cloud (up to 2026.01) is affected. The flaw resides in OAuth2TokenServiceImpl.java (getAccessToken) where manipulation leads to improper authentication. The issue is exploitable remotely with a PROOF-OF-CONCEPT exploit and no remediation details are provided in the available document...
CVE-2026-7679
A security flaw has been discovered in YunaiV yudao-cloud up to 2026.01. This impacts the function getAccessToken of the file yudao-module-system-biz/src/main/java/io/github/ruoyi/common/oauth2/service/impl/OAuth2TokenServiceImpl.java. Performing a manipulation results in improper authentication...
CVE-2026-7679 YunaiV yudao-cloud OAuth2TokenServiceImpl.java getAccessToken improper authentication
A security flaw has been discovered in YunaiV yudao-cloud up to 2026.01. This impacts the function getAccessToken of the file yudao-module-system-biz/src/main/java/io/github/ruoyi/common/oauth2/service/impl/OAuth2TokenServiceImpl.java. Performing a manipulation results in improper authentication...
CVE-2026-7679 YunaiV yudao-cloud OAuth2TokenServiceImpl.java getAccessToken improper authentication
A security flaw has been discovered in YunaiV yudao-cloud up to 2026.01. This impacts the function getAccessToken of the file yudao-module-system-biz/src/main/java/io/github/ruoyi/common/oauth2/service/impl/OAuth2TokenServiceImpl.java. Performing a manipulation results in improper authentication...
EUVD-2026-26814
A security flaw has been discovered in YunaiV yudao-cloud up to 2026.01. This impacts the function getAccessToken of the file yudao-module-system-biz/src/main/java/io/github/ruoyi/common/oauth2/service/impl/OAuth2TokenServiceImpl.java. Performing a manipulation results in improper authentication...
EUVD-2026-26813
A vulnerability was identified in YunaiV yudao-cloud up to 2026.01. This affects the function getDataBySQL of the file yudao-module-report-biz/src/main/java/io/github/ruoyi/report/service/impl/GoViewDataServiceImpl.java. Such manipulation leads to sql injection. It is possible to launch the attac...
CVE-2026-7678
A vulnerability was identified in YunaiV yudao-cloud up to 2026.01. This affects the function getDataBySQL of the file yudao-module-report-biz/src/main/java/io/github/ruoyi/report/service/impl/GoViewDataServiceImpl.java. Such manipulation leads to sql injection. It is possible to launch the attac...
CVE-2026-7678 YunaiV yudao-cloud GoViewDataServiceImpl.java getDataBySQL sql injection
A vulnerability was identified in YunaiV yudao-cloud up to 2026.01. This affects the function getDataBySQL of the file yudao-module-report-biz/src/main/java/io/github/ruoyi/report/service/impl/GoViewDataServiceImpl.java. Such manipulation leads to sql injection. It is possible to launch the attac...
CVE-2026-7678
CVE-2026-7678 affects YunaiV yudao-cloud (up to 2026.01). The vulnerability is in GoViewDataServiceImpl.java (yudao-module-report-biz/src/main/java/io/github/ruoyi/report/service/impl/GoViewDataServiceImpl.java) where user-controlled input can influence SQL execution, resulting in SQL injection ....
yudao-cloud 授权问题漏洞
Yudao-Cloud is a backend management system developed by YunaiV’s individual developer. Versions of Yudao-Cloud prior to 2026.01 contained an authorization issue vulnerability. This vulnerability originated from the function getAccessToken in the file...
PT-2026-36727
Name of the Vulnerable Software and Affected Versions YunaiV yudao-cloud versions prior to 3.8.1 Description An authentication bypass exists in the Ruoyi-Vue-Pro component. Manipulation of the mock-token argument within the doFilterInternal function of the JwtAuthenticationTokenFilter.java file...
PT-2026-36722
Name of the Vulnerable Software and Affected Versions JD Cloud JDCOS version 4.5.1.r4518 Description A flaw in the Service Interface component allows remote command injection. The issue exists within the set iptv info function of the '/jdcap' file, where improper handling of the vid argument...